Attacks which modify the target system or
message, i.e. attacks which violate the integrity of the
system or message, are examples of an active
attack. Another example in this category is an
attack on the availability
of a system or service, a so-called denial-of-service
(DoS) attack.

The process of proving that a person or other
agent has been correctly identified, or that a
message is received as transmitted.
Authentication supports the principle of accountability.
Methods of authentication can be based on:

what you know, such as a logon
password

what you have, such as a key or card

what you are; this includes various
biometrics such as fingerprints, retina
patterns, voice and face characteristics

Monitoring network transmissions to gather
information. This is a form of passive
attack on data confidentiality
and includes unauthorized interception of
messages. Gathering unprotected passwords is
often the primary reason for mounting an
eavesdropping attack on a network.

When confidentiality
is violated but the state of the system is not
affected, an attack is passive. An
example is electronic
eavesdropping on network transmissions
to release message contents or to gather
unprotected passwords.